--- In caplet@yahoogroups.com, "Douglas Crockford" <douglas@...> wrote:
> I am now disallowing the use of subscripting. In its place, I will be
> providing ADSAFE.get(object, name) and ADSAFE.set(object, name,
value)
> that will do checking.
>
> You can assume the presence of those methods. They will reject
> requests where the typeof object or value or the returned value are
> 'function'.
>
> If you can get past ADsafe to alert on any one browser, then ADsafe
is
> broken.

Douglas Crockford

... Quite right. I should have mentioned that get and put will also block the same members that ADsafe blocks, including names starting with _.